CVE-2024-5285

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 64.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Wp-affiliate-platformTipsandtricks-hq WP Affiliate Platform
Timeline
PublishedJul 29

Description

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF2024-07-29
GHSA
GHSA-xp28-88f3-2f49: The wp-affiliate-platform WordPress plugin before 62024-07-29
CVE-2024-5285 (MEDIUM CVSS 5.5) | The wp-affiliate-platform WordPress | cvebase.io